The Linux Administration group is for the discussion of technical issues technical issues that arise during the administration of Linux systems, including maintaining the operating system and supporting end-user applications.

This all works OK manually. All hosts (except my pc) are linux (openSSH).

I can use Putty to open the ssh session to host1, from there use "ssh -A -X host2"...until I reach the desired-target. My public key is already on all the hosts, and pageant is running with my key loaded and I configured Putty for x-forwarding and agent-forwarding.

How can I configure Putty to let me open a session to 'desired-target' without needing to type-in the "ssh -A -X hostN" command at each intervening hop?

I tried reading the Putty documentation but it is too technical/concise for me to understand, or maybe I'm just too dim.

I can use the putty "remote command" field to enter "ssh -X -A host2" on the session definition for host1 and it worked, but I don't know how to chain more of those (for host3 , host4) to get to the desired-target in one go.

Is this a private network that you have at home? Put in your Windows pc and entry in the hosts file... %WINDIR%\system32\drivers\etc\hosts
an entry like

IP-address-for-host4 host4

And let the work be done by the system(s).

>
> Apologies if this is the wrong group, suggestion welcome for a better group.
>
> I use Putty Release 0.6.
>
> I need an SSH session to a specific linux box but I must go through 4
> different hops before I reach my final target.
>
> My-Windows-pc --> host1 --> host2 --> host3 --> host4 -->desired-target.
>
> This all works OK manually. All hosts (except my pc) are linux (openSSH).
>
> I can use Putty to open the ssh session to host1, from there use "ssh -A -X
> host2"...until I reach the desired-target. My public key is already on all the
> hosts, and pageant is running with my key loaded and I configured Putty for
> x-forwarding and agent-forwarding.
>
>
> How can I configure Putty to let me open a session to 'desired-target'
> without needing to type-in the "ssh -A -X hostN" command at each intervening
> hop?
>
>
> I tried reading the Putty documentation but it is too technical/concise for
> me to understand, or maybe I'm just too dim.
>
> I can use the putty "remote command" field to enter "ssh -X -A host2" on the
> session definition for host1 and it worked, but I don't know how to chain
> more of those (for host3 , host4) to get to the desired-target in one go.
>

NOTICE: This communication is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If the reader of this communication is not the intended recipient or the employee or agent responsible for delivering the communication, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify me immediately by replying to this email.

REMINDER: The disclosure of medical information is strictly prohibited by federal regulation. Unauthorized release of medical information may result in administrative, civil and criminal sanctions.

Did you tried to modify your .bash_profile or .bashrc to do the ssh to the next server.

So for example you ssh server a server has in yor .bashrc ssh seerver b, and server has in .bashrc ssh server c and so on.

----Mensaje original----

De: email@removed

Fecha: 07/07/2011 11:15

Para: "mabeleira"

Asunto: [linuxadmin-l] Putty question - how to automate an ssh connection that has 4 intervening hops between PC and target?

Toolbox linuxadmin-l

Posted by Mike PCNL

on Jul 7 at 10:26 AM

Apologies if this is the wrong group, suggestion welcome for a better group. I use Putty Release 0.6. I need an SSH session to a specific linux box but I must go through 4 different hops before I reach my final target. My-Windows-pc --> host1 --> host2 --> host3 --> host4 -->desired-target. This all works OK manually. All hosts (except my pc) are linux (openSSH). I can use Putty to open the ssh session to host1, from there use "ssh -A -X host2"...until I reach the desired-target. My public key is already on all the hosts, and pageant is running with my key loaded and I configured Putty for x-forwarding and agent-forwarding. How can I configure Putty to let me open a session to 'desired-target' without needing to type-in the "ssh -A -X hostN" command at each intervening hop? I tried reading the Putty documentation but it is too technical/concise for me to understand, or maybe I'm just too dim. I can use the putty "remote command" field to enter "ssh -X -A host2" on the session definition for host1 and it worked, but I don't know how to chain more of those (for host3 , host4) to get to the desired-target in one go.

Can you give a URL for putty manager? I see two possible items "putty session manager" (which does not seem to have the feature) and "putty manager" which seems to be pre-alpha on sourceforge, no docs, no built installables.

I thought of this as well, but it totally breaks the ability to login to the
other servers and NOT trigger the next SSH hop.

That was my reasoning behind using the command option in the authorized_keys
file to trigger the hop, so that there was some control over going to the
next hop or not.

So if you have 2 sets of ssh keys, one meant to jump through all 4 hops
(private key a) and the other just meant to authenticate into server a
(private key b), you can control what happens when you log into server a by
designating what private key file gets used.

Via the linux command line, this is done using the -i command line option:

-i identity_file
Selects a file from which the identity (private key) for RSA or
DSA authentication is read. The default
is ~/.ssh/identity for protocol version 1, and ~/.ssh/id_rsa
and ~/.ssh/id_dsa for protocol version 2.
Identity files may also be specified on a per-host basis in the
configuration file. It is possible to
have multiple -i options (and multiple identities specified in
configuration files).

In Putty, you could configure 2 sessions, one to use private key a and the
other to use private key b.

I have not tried this but in theory I believe it should work - I actually
need to try to figure this out myself to allow this same type of tunneling
through a scp from my local machine through server a and end up on server b.

Hi,
This may or may not be useful but in conjunction with modifying your .bashrc you could use one of the following two methods:
If set by sshd, you could use the $SSH_CLIENT variable, this will give you the IP address of the system which initiated the ssh connection. Obviously this would rely on the IP address Windows PC remaining the same.
Alternatively you could use the following command which will give you the hostname of the Windows PC

who -m | nawk '{FS="("; t1 = $2 ; FS="." ;$0 = t1; print $1}'

I currently use these methods to set up my $DISPLAY variable when logging into Solaris via Cygwin/X on a Windows PC to ensure X applications are thrown to the correct display
Stv_t

Thanks to all who responded.
For the record, I got a 'one click' method working only by using OpenSSH under Cygwin.
I used a script that did the chain of ssh commands between the various bastions.
This works fine once my ssh-agent has the private-key loaded and the various ssh commands have the agent-forwarding and ServerAliveIntervals configured appropriately.
This also allowed me to create tunnels on the ssh links using the same batch files which saved a lot of otherwise tedious manual steps.

You can do this with putty much easier.
Take your script that you are using in OpenSSH with Cygwin and have it as bash script file that you run from putty.
Under "Connection">"SSH" there is the option to run remote command.

You can use that to automatically trigger the linux pass through tunnels that are easy to do Linux to Linux...

If I use that method (Putty runs remote bash script that itself performs the chain of SSH comands) then I would also need to configure the "nearest" link of the tunnel(s) inside putty. This means the tunnel-creation is split into two parts, one in putty the other in the remote bash-script. That's less desirable for me, or so it seems, based on my understanding of your suggestion. However, I certainly accept that your suggestion has a hugely lighter footprint on the local workstaiton (i.e. no need to install cygwin), although in my client sites I almost always have to use an X-server (and I just use cygwin/x) and usually need to develop shell scripts (Korn) and scp lots of files between Windoze and Unixoid hosts so Cygwin is there on the local laptop/workstation anyway. But your suggestion is fine for users who don't need a fat cygwin installation.

Copyright 1998-2015 Ziff Davis, LLC (Toolbox.com). All rights reserved. All product names are trademarks of their respective companies. Toolbox.com is not
affiliated with or endorsed by any company listed at this site.